fail2ban/fail2ban.init

167 lines
5.0 KiB
Plaintext
Raw Normal View History

#!/bin/sh
#
# Template SUSE system startup script for example daemon fail2ban
# Copyright (C) 2010 Klaus Sinvogel, SUSE / Novell Inc.
#
# This library is free software; you can redistribute it and/or modify it
# under the terms of the GNU Lesser General Public License as published by
# the Free Software Foundation; either version 2.1 of the License, or (at
# your option) any later version.
#
# This library is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with this library; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307,
# USA.
#
#
### BEGIN INIT INFO
# Provides: fail2ban
# Required-Start: $syslog $remote_fs $local_fs
# Should-Start: $time $network iptables
# Required-Stop: $syslog $remote_fs $local_fs
# Should-Stop: $time $network iptables
# Default-Start: 3 5
# Default-Stop: 0 1 2 6
# Short-Description: Bans IPs with too many password failures
# Description: Start fail2ban to scan logfiles and ban IP addresses
# which make too many logfiles failures, and/or sent e-mails about
### END INIT INFO
# Check for missing binaries (stale symlinks should not happen)
FAIL2BAN_CLI=/usr/bin/fail2ban-client
test -x $FAIL2BAN_CLI || { echo "$FAIL2BAN_CLI not installed";
if [ "$1" = "stop" ]; then exit 0;
else exit 5; fi; }
FAIL2BAN_SRV=/usr/bin/fail2ban-server
test -x $FAIL2BAN_SRV || { echo "$FAIL2BAN_SRV not installed";
if [ "$1" = "stop" ]; then exit 0;
else exit 5; fi; }
# Check for existence of needed config file and read it
FAIL2BAN_CONFIG=/etc/sysconfig/fail2ban
test -r $FAIL2BAN_CONFIG || { echo "$FAIL2BAN_CONFIG not existing";
if [ "$1" = "stop" ]; then exit 0;
else exit 6; fi; }
# Socket directory
FAIL2BAN_SOCK_DIR="/var/run/fail2ban"
# Read config
. $FAIL2BAN_CONFIG
. /etc/rc.status
rc_reset
case "$1" in
start)
echo -n "Starting fail2ban "
if [ ! -d $FAIL2BAN_SOCK_DIR ]; then
mkdir -p $FAIL2BAN_SOCK_DIR
fi
## Start daemon with startproc(8). If this fails
## the return value is set appropriately by startproc.
startproc $FAIL2BAN_CLI -q $FAIL2BAN_OPTIONS start > /dev/null 2>&1
# Remember status and be verbose
rc_status -v
;;
stop)
echo -n "Shutting down fail2ban "
## Stop daemon with built-in functionality 'stop'
startproc -w $FAIL2BAN_CLI -q stop > /dev/null 2>&1
# Remember status and be verbose
rc_status -v
;;
try-restart|condrestart)
## Do a restart only if the service was active before.
## Note: try-restart is now part of LSB (as of 1.9).
## RH has a similar command named condrestart.
if test "$1" = "condrestart"; then
echo "${attn} Use try-restart ${done}(LSB)${attn} rather than condrestart ${warn}(RH)${norm}"
fi
$0 status
if test $? = 0; then
$0 restart
else
rc_reset # Not running is not a failure.
fi
# Remember status and be quiet
rc_status
;;
restart)
## Stop the service and regardless of whether it was
## running or not, start it again.
$0 stop
$0 start
# Remember status and be quiet
rc_status
;;
force-reload)
## Signal the daemon to reload its config. Most daemons
## do this on signal 1 (SIGHUP).
## If it does not support it, restart the service if it
## is running.
echo -n "Reload service fail2ban "
killproc -HUP $FAIL2BAN_SRV
rc_status -v
## Otherwise:
#$0 try-restart
#rc_status
;;
reload)
## Like force-reload, but if daemon does not support
## signaling, do nothing (!)
# If it supports signaling:
echo -n "Reload service fail2ban "
startproc $FAIL2BAN_CLI -q reload > /dev/null 2>&1
rc_status -v
## Otherwise if it does not support reload:
#rc_failed 3
#rc_status -v
;;
status)
echo -n "Checking for service fail2ban "
## Check status with checkproc(8), if process is running
## checkproc will return with exit status 0.
# Return value is slightly different for the status command:
# 0 - service up and running
# 1 - service dead, but /var/run/ pid file exists
# 2 - service dead, but /var/lock/ lock file exists
# 3 - service not running (unused)
# 4 - service status unknown :-(
# 5--199 reserved (5--99 LSB, 100--149 distro, 150--199 appl.)
# NOTE: checkproc returns LSB compliant status values.
checkproc $FAIL2BAN_SRV
# NOTE: rc_status knows that we called this init script with
# "status" option and adapts its messages accordingly.
rc_status -v
;;
probe)
## Optional: Probe for the necessity of a reload, print out the
## argument to this init script which is required for a reload.
## Note: probe is not (yet) part of LSB (as of 1.9)
test /etc/fail2ban/fail2ban.conf -nt /var/run/fail2ban/fail2ban.pid && echo reload
;;
*)
echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload|probe}"
exit 1
;;
esac
rc_exit